Modern field guide to security and privacy

US CIO Tony Scott on fixing cybersecurity's talent gap (+video)

At a Passcode event Tuesday, the US chief information officer said the federal government wants candidates who know languages, biology, and anthropology to fill cybersecurity roles – and one of its most important hires, the new chief information security officer, will be announced within 30 days.

White House Chief Information Officer Tony Scott (l.) spoke with Passcode on Apr. 12 about fixing the pipeline into the cybersecurity workforce.
Michael Bonfigli/The Christian Science Monitor

If you're trying to recruit employees to help defend your organization's computer networks against malicious hackers, good luck. You've got a lot of tough competition.

US government agencies and businesses are scrambling to bolster security operations teams to defend against breaches such as last year's massive data spill at the Office of Personnel Management. US Chief Information Officer Tony Scott revealed on Tuesday that the government will announce the hiring of a Chief Information Security Officer in the next 30 days – a step toward dealing with that problem. 

But even though the Obama administration has pledged $62 million to build a more robust digital security workforce – and private sector companies are promising six-figure salaries to so-called "white hat" hackers – experts say there still aren't enough qualified candidates to go around. In fact, the cybersecurity firm Symantec projects that the supply of qualified candidates for cybersecurity jobs could fall short of demand by 1.5 million people worldwide by 2019.

On Tuesday, Passcode hosted an event in Baltimore to explore the newest ideas and approaches to close the cybersecurity skills gap. The event featured Mr. Scott and leading figures in digital security from firms such as CrowdStrike and CyberVista. The full video of the event is available here.

Here are some key takeaways from the event:

1. It’s not just a supply problem

Sure, fixing the cybersecurity workforce has a lot to do with hiring the right people, but employees must constantly adapt to new threats – from the viruses that maliciously encrypt vulnerable files to massive data breaches – to stay up to speed.

"It’s not an area where you can go to school, learn something, and then just sit on your hands for the next 30 years," said Scott. "It’s kind of an eyes-wide-open field where you have to keep yourself continually educated."

Tony Scott, US chief information officer, spoke at a Passcode event on Tuesday in Baltimore.

2. Think outside the network

A lot of network defense comes down to keeping the bad guys out. But with US government agencies and companies facing threats from adversaries such as Chinese hackers, Russian cybercriminals, and the Iranian military, that doesn’t just mean scanning your systems for malicious software. Maybe you could help out by deciphering notes on code written in a foreign language – or by understanding the cultural motivations behind a hack.

"Cyber is a global problem and we need people that speak every language on the planet," Scott said. "We need people with all kinds of different skills. We need cultural anthropologists. I’m looking for people who understand biology and cybersecurity. There’s no area where we’re full up, we need everything."

Tony Scott, chief information officer for the United States, spoke with Passcode editor Michael Farrell at the "Workforce 2.0" event in Baltimore.

3. It's not just about the money 

Scott knows firsthand that the federal government doesn't pay like the private sector – he had to take a pay cut to join the White House from the software firm VMware. But, he said, going to Washington is about more than the money.

"Yes, I’d like to see these roles pay better – but at some level, these are some of the most challenging and important roles that you can play," he said. "For me, this was the challenge and the opportunity of a lifetime."

Scott said that the US government has narrowed the list of candidates for the federal Chief Information Security Officer position to a handful – and expects to announce a decision within the next month.

US Chief Information Officer Tony Scott spoke with Passcode's Michael Farrell on Tuesday in Baltimore.

4. Open things up for US government hackers

Want to get more hackers into government service? US government agencies should stay in the loop with private companies, said Jason Geffner, CrowdStrike’s chief security researcher, and let hackers in Washington show their work at security gatherings such as the RSA Conference or the DEF CON hacker convention.

"There’s no communication really across the fields," he said. "People who are in the private sector who aren’t interested in going into the public sector think it’s important to speak on a panel, speak on a conference. It makes it much less appealing to pursue that career path."

Jason Geffner, principal researcher at the cybersecurity firm CrowdStrike, spoke Tuesday at a Passcode event in Baltimore.

5. Passion is key

Don’t know how to write a line of code? That may not matter, said Simone Petrella, chief cyberstrategy officer at the cybersecurity firm CyberVista. Other key ingredients for successful cybersecurity pros are curiosity and passion, she said.

"At the end of the day, the people who succeed don’t have a degree or a certificate – they’re really good at Googling," she said. "It’s just the passion to explore more and gain knowledge, that just happens to be in cybersecurity."

Simone Petrella, chief cyberstrategy officer at CyberVista, spoke at a Passcode event on Tuesday in Baltimore.

Employers also need to better communicate that cybersecurity positions involve much more than sitting in front of a computer all day, said Rodney Petersen, leader of the National Initiative for Cybersecurity Education at the National Institute of Standards and Technology (NIST).

"In cybersecurity, there’s probably a stereotype that it’s a loner, it’s a hacker, it’s a person behind a computer screen – which is quite frankly maybe not attractive to somebody who wants to interact with a team," said Mr. Petersen. "You can volunteer, you can work for your institution, you can do things other than independently hacking."
